Authentication of source, plus, for goods and services system, method, and components

ABSTRACT

A unique identifier is created for each article (clothing, accessories, jewels, fragrances, manufactures, etc.) for which the provider of the article desires to authenticate its Brand source to the party acquiring the article to substantiate to that acquiring party that they are receiving a genuine article. The unique identifier is so provided from a secure third party that also stores the unique identifier, possibly with other historical information, in a secure data base accessable only by authorized parties. The unique identifier may be provided on tags to be carried by the respective article or it may be applied directly to the article as by direct part marking from the material of the article and when so provided it includes a brand source identifier of the party providing the unique identifier as an additional protective measure. The unique identifier furthermore may be provided as an encoded, imageable symbology such as a “Data Matrix”.

BACKGROUND OF THE INVENTION

1. Field of Application

This invention relates primarily to authentication of the “source” ofBranded goods and services, as well as other aspects of such Brandedgoods and services; and, more particularly, to providing such Brandedgoods and services with a readily observable and authenticateableidentifier of at least Brand “source” authenticity.

2. Description of the Prior Art

Many parties (corporations, partnerships, individuals, associations,etc.) spend considerable amounts, possibly millions, in advertising andother marketing efforts to create Brand names and generate good will. Insome cases, further amounts (here again possibly millions) are oftenspent in developing products to be marketed under these Brand names.Successful Brand names represent a valuable asset of a party, and areoften the focus of great efforts undertaken to police the proper andauthorized use of such Brand names. Despite these efforts, successfulBrand names have been wrongfully exploited for years by unscrupulousparties such as manufacturers and resellers of counterfeit and/or stolenand diverted products. High price luxury type goods in particular havebeen, and continue to be, subjected to widespread counterfeiting, theftand diversion.

A Brand (or trademark, or service mark, as they are often referred to),as referred to herein, is any word, name, phrase, symbol, design ordevice or any combination of words, names, phrases, symbols, designs ordevices which identifies and distinguishes the “source” (such as themanufacturer, retailer, provider, etc.) of the goods or services of oneparty from those of another party. Brands are used by a party, inconnection with a product or products, or service or services, to helpconsumers (purchasers) identify that product, or service, anddistinguish that product, or service, from the products, or services, ofcompetitors. Brands indicate to consumers that a product, or service,comes from a “source”, even if the name of the “source” is unknown tothe consumer. Brands also function to indicate quality and reputation,thus creating good will in the proprietor (owner, “source”) of theBrand.

The use of Brands (trademarks and service marks) benefits the consumingpublic as well as the merchant or manufacturer of a product, or service.For the merchant or manufacturer, a Brand serves as an advertising tool,facilitating repeat sales and the successful marketing of new productsand services. Individual consumers rely on Brands to distinguish amongcompeting products and services and to represent a certain level ofquality they have come to expect when purchasing products or serviceswith which a particular Brand is used. By protecting Brands, severalbroader goals are furthered as well. Brands foster competition and themaintenance of quality by securing to the producer (the “source”) thebenefits of good reputation. Protecting Brands also serves to guard thepublic from inadvertent or intentional use of confusing or misleadingBrands.

The actual lost sales and profits attributed to wrongful activities(counterfeiting, theft, diversion, knock-offs, etc.) is but one aspectof the problem. An often more serious result is the damage done to thegood name and reputation of the Brand owner (“source”) especially wheninferior counterfeited merchandise is sold as genuine. In an effort tocounteract the problem, Brand name owners often aggressively pursuecounterfeiters, and introduce programs intended to eliminate or at leastreduce such illegal activities. While some programs have met ratherlimited short term success, the end rewards to the wrongdoers are oftenso large that the programs themselves have been copied.

According to one such program, Brand-authenticating holographs areincorporated into either the product packaging or a swing tag, or placedon the packaging or product in the form of a self-adhesive decal. Whileonce considered a novel and innovative approach, holograph technology isnow well known, and the cost of entry into the holograph manufacturingindustry is low. In today's market, counterfeit holographs arecommonplace. Thus the use of holograms has not proved effective to stemthe problem, especially for the consumer at the time and point of sale.

In another anti-counterfeiting program, a hidden authenticating device(such as one that incorporates RFID technology, or special threads or achemical) is incorporated into the product. This approach isproblematic, as it is generally difficult to control and lacksstandardization with regard to where to place the device. While thehidden device is detectable by field inspectors checking a reseller'sinventory, consumers are generally unaware of the device, and whether ornot the Brand “source” of the merchandise is genuine and authenticatedas such. A still further approach uses moving image labels (including3D) typically manufactured with a paper printing image including PVCreflectors. This method, however, is often unsuitable for the intendedgoods or services. Furthermore, the technology is well known, thusleading to the same problems realized from holographs.

Many programs utilize a multi-layer approach to product security withboth overt and covert types of identifiers incorporated into the productand/or its packaging. However not only does this add unacceptably to theproduct cost but it does not seem to provide a consumer with Brand“source” authentication, especially at the time and point of sale.

The use of serial numbers to track, and hopefully control, productsecurity has proved helpful for vehicles as VIN (Vehicle Identification)Numbers, and also for product warranty purposes. But, serial numberingalone does not seem to be an effective Brand “source” authenticator forthe consumer as they do not currently have ready access to theidentifying data base, or any indicator that authentication is availableto them, at the time and point of sale. Systems, such as those shown inU.S. Pat. No. 5,521,815 for “Uniform System For Verifying and trackingArticles of Value” and in U.S. Pat. No. 6,076,064 for “Uniform SystemFor Verifying And Tracking The Title of Articles or Objects of Value”are further examples of complex and expensive product security systemsthat require access to data bases, through computer terminals, to verifyproduct security and would prove cumbersome to a consumer at the timeand place of sale and, as such unacceptable.

U.S. Pat. No. 6,099,930 for “Methods and Marking Digital Compact DiscsAs A Means To Determine it's Authenticity” utilizes near infraredflurophores; but, requires a protective cover layer which would not onlybe unacceptably detrimental to the aesthetics of the product but might,as well, be unusable for items of jewelry and the like. U.S. Pat. No.6,533,180 for “Security Label and Method of Use” also only provides anobtrusive and unacceptable label that must be attached to the product;while U.S. Pat. No. 6,578,112 requires special buttons with a complexand relatively expensive sewing machine to attach the buttons with arelatively complex stitch.

SUMMARY OF THE INVENTION

Therefore, it is an object of the invention to provide a new and novelauthenticity identifier, system, method and components forauthenticating the “source” of Branded articles.

It is another object of the invention to provide a new and novel Brandauthenticity system which utilizes a specially designed authenticator tobe carried by an article so as to be easily and obviously locatedthereon.

It is another object of the invention to provide a new and novel Brandauthenticity system which utilizes a specially designed authenticator tobe carried by an article so as to be easily and obviously locatedthereon, at least by a consumer at the time and point of sale.

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein the authenticator is encoded andprovided under authority of the Brand “source” to indicate the Brand andby doing so authenticating the legitimate “source” of an article.

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein the authenticator carries anobviously observable Brand “source” of the authenticator andauthentication system.

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein the authenticator may alsoinclude a trademark of the Brand owner.

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein symbology encoded authenticatorsare supplied in sets to Brand owners, who would then control theirfurther use

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein symbology encoded authenticators,each including unique identifying codes to provide individual itemidentification and authenticity, are supplied to Brand owners, who wouldthen control their further use

It is another object of the invention to provide a new and novel Brand“source” authentication system wherein symbology encoded authenticatorsare supplied in sets, with each authenticator in the set seriallynumbered, to Brand owners, who would then control their further use.

It is another object of the invention to provide a new and novel Brand“source” authentication system which readily identifies Brand “source”genuine articles and may further identify other characteristicspertinent to the article.

It is another object of the invention to provide a new and novel Brand“source” authentification system which promotes support through anadvertising campaign, putting customers, vendors and manufacturers onalert against counterfeiting and other wrongdoings and the penaltiesthat may result.

It is another object of the invention to provide a new and novel Brand“source” authentification system which promotes support by subjectingpirates to multiple legal causes of action.

It is another object of the invention to provide a new and novel Brand“source” authentification system which has a centralized control andsupply of authenticators.

It is yet another object of this invention to provide a new and novelsymbology reader/imager/decoder particularly for a Brand “source”authentication system.

It is yet still a further object of this invention to provide a new andnovel combination of encoded symbology and reader/imager wherein theencoded symbology and the symbology carrier are of such a high qualityas to effectively minimize the cost of the reader/imager while stillproviding accuracy of decoding of the symbology.

It is yet still an even further object of this invention to provide anew and novel authenticator wherein both direct part marked encodedsymbology and an RFID encoded chip are combined for Brand “source”authentication and for other ID purposes if desired.

These and other objects of the present invention are achieved in thepreferred embodiments disclosed below by providing Brand “source”authenticators for authenticating at least the “source” of amanufactured article.

According to a preferred embodiment of the invention, the Brand “source”authenticator is displayed at any suitable location upon and/or withinthe article, preferably on an outside surface; but always as a statussymbol that the article is Brand “source” authenticated.

According to the preferred embodiment of the invention, the Brand“source” authenticator is a relatively thin, circular disk having atleast its own Brand applied thereto as well as encoded symbology.

The present invention provides a solution for reducing counterfeiting.While the system of the invention could theoretically be copied, thecost of doing so—and the risk of being caught—would be too high tojustify the rewards. By incorporating consumer education into the systemand advertising the method of detecting counterfeit products, the marketfor counterfeit goods sold as genuine would be greatly curtailed.

BRIEF DESCRIPTION OF THE DRAWINGS

Some of the objects of the invention have been set forth above. Otherobjects and advantages of the invention will appear as the descriptionproceeds when taken in conjunction with the following drawings, inwhich:

FIG. 1 is a plan view of a new and novel Brand “source” authenticator,incorporating the instant invention, enlarged to better show detailsthereof;

FIG. 2 is a side view of the Brand “source” authenticator of FIG. 1;

FIG. 3 is a perspective schematic of a new and novel imager/reader,incorporating the instant invention, shown spaced from an authenticator,such as that of FIGS. 1 and 2, but about to be moved into position toimage and read the encoded symbology carried by the authenticator;

FIG. 4 is a vertical section through the imager/reader of FIG. 3 showingsame in position against a Brand “source” authenticator, such as that ofFIGS. 1 and 2, and showing the Brand “source” authenticator beingcarried by a piece of an article or other goods;

FIG. 5 is a vertical view of the imaging system of the imager/reader ofFIGS. 3 and 4 removed from the imager/reader to better show detailsthereof;

FIG. 6 is a schematic arrangement of some of the components of a new andnovel Authentication Station for a Brand “source” authentication systemincorporating the instant invention;

FIG. 7 is a block diagram of the authentication station of FIG. 6;

FIG. 8 is a block diagram of the new and novel authentication systemincorporating the instant invention;

FIG. 9 is a block diagram of the new and novel web portal, incorporatingthe instant invention, for the authentication system of FIG. 8

FIG. 10A is a block diagram of the new and novel communication linksbetween the web portals and data banks of the authentication system ofFIGS. 8 and 9;

FIG. 10B is a block diagram of an alternative embodiment of new andnovel communication links between the web portals and data banks of theauthentication system of FIGS. 8 and 9;

FIG. 11 is a schematic section through the symbology of the instantinvention as shown, for example, in FIG. 1

FIG. 12 is a schematic section through another portion of the symbologyof the instant invention as shown, for example, in FIG. 1;

FIG. 13 is a perspective schematic view, similar to that of FIG. 3, butshowing separate sources of illumination to facilitate imaging andreading the encoded symbology carried by the authenticator;

FIG. 14 is a perspective schematic view of an alternative embodiment ofreader/imager, incorporating the instant invention and equipped with asource of illumination;

FIG. 15 is a perspective schematic view of another alternativeembodiment of reader/imager, incorporating the instant invention andequipped with an alternative source of illumination;

FIG. 16 is a perspective schematic view of yet another alternativeembodiment of reader/imager, incorporating the instant invention andequipped with a further alternative source of illumination;

FIG. 17 is a schematic of an alternative embodiment of authenticatorincorporating the instant invention and cut away in part to better showboth direct part marked 2D encoded symbology as well as an RFID chipwhich also includes encoded symbology;

FIG. 18 is a sketch of a cutting tool for use with the authenticator ofFIG. 17 to facilitate attaching same to an article to have its Brand“source” authenticated;

FIG. 19 is a sketch of the cutting tool of FIG. 18 utilized with a depthgauge to form a seat in an article, to have its Brand “source”authenticated, to receive the authenticator of FIG. 17;

FIG. 20 is a sketch of the authenticator of FIG. 17 seated and attachedto an article that is to have its Brand “source” authenticated and whichis cut away in part to better show the inbedded RFID chip;

FIG. 21 is a schematic perspective showing of an alternative embodimentof authenticator. Incorporating the instant invention, that has theencoded symbology direct part marked on its surface and fabricated forinsertion into a metal casing, such as a watch case so that thesymbology may be read and decoded;

FIG. 22 is a plan view of an article of jewelry with the authenticatorBrant and encoded symbology direct part marked into the material of thejewelry; and

FIG. 23 is a side view of the article of jewelry of FIG. 22 with theauthenticator Brant and encoded symbology direct part marked into thematerial of the jewelry.

DESCRIPTION OF THE INVENTIVE EMBODIMENTS

With reference to FIGS. 1 & 2 there is generally shown an authenticator50 incorporating the instant invention and which is fabricated from anauthenticator blank 52 of predetermined configuration, size andthickness. While authenticator 50 is shown as fabricated from a circularblank 52 it may just as well be fabricated from a blank of anyconvenient configuration such as square, triangular, oval, hexagon,octagonal, or the like, depending on the information to be carried bythe authenticator and the aesthetics and other criteria of theauthentication system and authentication system provider. Authenticatorblank 52 is preferably fabricated from good quality steel or othermetal, or combinations or compounds of metal, and so as to provide adata field 54 on a surface 56 that will accept encoded symbology 58applied therein as by direct part markings such as by dot peening.Ceramics, glass, plastics and other materials, natural and/or synthetic,suitable to accept direct part markings of encoded symbology 58, mayjust as well be utilized for authenticator blanks 52 While authenticator50 is shown and described with direct part markings it may just as wellhave its encoded symbology 58 applied onto a substrate and the substrateaffixed to surface 54 of authenticator 50.

One or more Brand fields 60, 62, 64 are also provided on surface 56 ofauthenticator blank 52 in addition to data field 54. At least one ofsaid Brand fields 60, 62, 64 is to carry and display the Brand of theauthentication system provider or Brand “source” of the authenticatoritself. While all or some of the Brand fields 60, 62, 64 may also carryand display the Brand of the authentication system provider one or moreof said Brand fields 60, 62, 64 may be allocated to carry and displaythe Brand to be authenticated or other Brand of the Brand “source” to beauthenticated. Such Brands of the authentication system provider and theBrand “source” to be authenticated which are carried and displayed infields 60, 62 and 64 are so carried and displayed unencoded and userrecognized; while authentication data 68, carried by and displayed inauthentication field 54, is allocated preferably to encoded symbology58.

Encoded symbology 58 is shown as a 2-D, Data Matrix type, symbology Inthe matrix code format, black data elements (cells) usually represent abinary “1” and white data elements (cells) usually represent a binary“0”; but the opposite is also possible. When these binary values areused together in specific sequences, they represent alphanumericcharacters. The basic elements of encoded matrix symbol 58, althoughshown, for example, as a square, may also be rectangular, circular or ofother configurations, and usually include a data storage field 72disposed between either a solid border 74 or a broken border 76, or acombination of same, to facilitate location and decoding of the encodeddata. White data cells 78 and black data cells 80 are arranged withindata storage field 72, through known conventional methods, to provideencoded data, information and the like. Data Matrix symbol 58 is of thetype which has been placed in the public domain and has been recommendedby the American National Standards Institute (ANSI) for use in directpart marking. Generally encoded symbols, such as symbol 58, are appliedto a carrier strip such as a pressure sensitive label which could thenbe applied to authenticator 50. However It is preferable for the instantinvention to apply symbology 58 by direct part marking for reasons andby methods to be described in greater detail hereinafter.

In direct part marking, according to the instant invention, the machinereadable-encoded symbology 58 is to be formed from the same material asauthenticator blank 52. Thus, encoded symbology 58 is not to begenerated as an arrangement of black and white cells carried by a whitesubstrate. The entire data storage field will appear to the naked eye asa single color, the color of authenticator blank 52; and, as such, boththe binary 1's 80 and the binary 0's 78 may also appear to the naked eyeas being of the same color, the color of authenticator blank 52. Itshould be noted that to better explain the instant invention forsymbology 58 the binary 1 data cells 80 are illustrated in black and thebinary 0 data cells 78 are illustrated as white, but in actuality suchcells will appear to the naked eye as being of the same color, ofauthenticator blank 52; however, as will be hereinafter explained suchcells will appear to the imager/reader as being of differentreflectivity.

A shank 98 (FIG. 2) may be fabricated to extend down from authenticatorblank 52 to facilitate attachment of authenticator 50 to the product,article, the Brand “source” of which is to be authenticated.

The encoding of symbology 58, to be explained in greater detailhereinafter, will include at least the Brand of the “source” for theparticular article, as specified by the “source”, as well as anidentifier unique for each article to be so authenticated. The uniqueidentifiers are to be provided by the Brand “source” authenticationsystem; as will be described in greater detail hereinafter, and may be,for example, individual serial numbers with a different serial numberfor each such article. Authenticators 50 are prepared for the instantBrand “source” authentication system by the “source” for such system andunder authority of the legitimate ‘source” for the Brand beingauthenticated. As such, by authenticating the Brand the legitimate Brand“source” is also authenticated.

FIGS. 3 and 4 show an imager/reader 100, incorporating the instantinvention, and disposed to be positioned to image and read encodedsymbology 58 (FIG. 3) carried by an authenticator 50 (FIGS. 3 and 4)which is secured to an article 102 by means to be hereinafter describedin greater detail. Imager/reader 100 includes an imager/reader body 104provided with a nose cone 106 fabricated from translucent material tothereby act as a diffuser for whatever illumination is to be directedupon encoded symbology 58 of authenticator 50. Nose cones 106 arefabricated to be readily removable and replaceable by other nose cones106 of different lengths and other characteristics to facilitateimaging/reading of symbology 58. The respective lengths of the nosecones 106 are selected so that when a leading edge 108 thereof ispositioned against the surface 56 of authenticator 50, and withsymbology 58 positioned within an opening 110 at the leading edge 108 ofthe respective nose cone 106, the symbology 58 will be positioned at theappropriate focal length for a lens 112 and a camera device 114 disposedwithin body 104 of imager/reader 100. Lens 112 and camera device 114 aresecured within imager/reader body 104 in spaced relationship to co-actwith each other so that an image of symbology 58 will be disposed upon asensor 116 of camera device 114 for transmission there from along acable 118 to a suitable and conventionally available computer 120 (FIGS.6 and 7) of an authentication workstation 130 (FIGS. 6,7 and 8) fordecoding and subsequent use. Sensor 116 of camera 114 is selected hereinto be of the CMOS type but a sensor of the CCD type may also beutilized. Sensor 116 is coupled through appropriate and conventionallyavailable camera circuitry which in the disclosed camera 114 is carriedby a pair or circuit boards 122 coupled thereto to provide a read outthere from to computer 120 (FIGS. 6 and 7) at authentication workstation130.

A lens mount 124 FIGS. 4 and 5) is provided within imager/reader 100 tofacilitate positioning lens 112 between camera device 114 and opening110 of nose cone 106 so that encoded symbology 58 carried by anauthenticator 50 and positioned for imaging by imager/reader 100 is at aproper focal position. Lens mount 130 may be fixedly positioned withinimager/reader 100 or it may be mounted for relative movement along withits lens 112 with respect to sensor 116 of camera device 114 to providea movable focal plane for symbology 58 to be imaged and decoded. Nosecone 106 may also be fixedly mounted to imager/reader body 104 or it maybe interchangeably secured thereto for replacement by other nose conesof alternate lengths and with an opening 110 of different sizes andconfigurations to accommodate encoded symbology fields 54 of differentsizes shapes and/or configurations for authenticators 50. Nose cone 106may also be interchangeable with nose cones of other constructions aswill be hereinafter explained in greater detail. An operating button 126(FIGS. 3 and 4), appropriately and suitably connected to systemcomponents functions to operate imager/reader 100 and to initiateoperation of the authentication system.

Nose cone 106 functions herein as an illumination diffuser and not anillumination waveguide or light pipe. It is composed of a translucentmaterial that passes ambient light to effect a ‘cloudy day’ or‘diffused’ or ‘scattered’ light illumination. If there is sufficientambient light (from overhead lights or table lights in a store), thenadditional illumination may not be necessary. The nose-cone wallthickness and opacity may also be varied. As previously set out nosecone 106 is interchangeable and is an integral concept of theimager/reader. Nose cones of various lengths may be utilized dependingon the focal lengths to be encountered. In addition the openings at theend of the nose cone may be varied in diameter and configuration toaccommodate encoded symbology of the various sizes and configurations.Not only will different length nose-cones effect appropriate focallengths to image symbology being read; but the end of nose cone 106 mayalso be tailored to match the shape of the object being processed. (Forexample a watch may have a Data Matrix on the face of the watch belowthe crystal, requiring a shorter nose-cone. The end of nose-cone 106 mayalso be machined to provide for precise alignment for centering theimage in camera device 114.

Authentication workstations 130 (FIGS. 7 and 8) are provided at selectedfacilities and locations which preferably may include locations such asmanufacturing plants 132 (FIG. 8), supply-chain warehouses 134, retailstores 136, and administrative offices 138. Authentication workstations130-138 are the user's point of access to the authentication system.Each such workstation 130-138 is shown to include one or more laptop orlow-end desktop computers 120 (FIG. 6), of substantially conventionalconfiguration, running an Internet Explorer web browser 150 (FIG. 7)also of conventional configuration. Converting an existing computer 120into an authentication workstation 130-138 requires nothing other thanweb browser 150 (FIG. 7) with an appropriate connection 152 to accessthe available internet 154. Users of the authentication system accessthe software from within a standard web browser running on low-endconsumer-grade computers or integrated workstations containing embeddedprocessors. There is no installation footprint for authenticationworkstations 130-138. The bulk of the software is run on substantiallyavailable web portal servers 160 (FIG. 8), and only a conventionallyavailable small control interface (OCX) 162 (FIG. 7) runs on theworkstation 130-138 to provide control of camera DLL (Dynamic LinkLibrary) 164 and Data-Matrix decoding DLL 166.

Authentication workstation architecture (FIG. 7) includes the use of astandard and substantially available web browser such as InternetExplorer 150 to provide reliable authenticated results. However, becausethe authenticating party must use imager/reader 100 with its associatedsophisticated Data-Matrix decoding software located in computer 120,standard HTML web content 172 (FIG. 7) may be insufficient to provideall the features necessary for the authentication system of the instantinvention. Native code CAB bundle 174 is a compilation of non-HTMLcontent that will run natively and conventionally at workstation 130.Bundle 174 is downloaded and executed seamlessly by web browser 150. Thedownload occurs once, on the first connection of web-browser 150 to webportal 160. Thereafter, native bundle 174 remains on an authenticationworkstation local disk. Native bundle 174 includes USB camera DLL 164and data-matrix decoding DLL 166, along with control interface 162 toexpose the functionality to web browser 150. Decoding is done at anauthentication workstation 130 to maximize bandwidth efficiency. Adecoded symbology code is less than 0.1 Kbytes, whereas an un-decodedcaptured image is roughly 300 Kbytes (a 3000× increase). Becausedecoding is done at a workstation 130-138, each workstation 130-138 mayneed to be licensed to use a decoding software 166. Most likely, asite-license may be purchased from a licensor that will enable allworkstations 130-138 to be licensed for use as authenticatingworkstations 130-138. Microsoft Internet Explorer conventionallysupports control interface 162 to execute native code 174. Other popularweb browsers include Firefox, Safari (Macintosh), and Opera. Becauseother web browsers have a different interface for executing native code,an additional native bundle may need to be developed for each webbrowser that the authentication software must support. In practice, allthe web browsers except Internet Explorer use a very similar API(Application Programmer Interface) for execution of native code.Therefore it is likely that one additional implementation of the nativecode bundle will cover the majority of other popular web browsers.

Authentication workstations 130 in association and communication withweb portal servers 160 and substantially conventionally available datawarehouses 190 FIG. 8) provide a 3-tier architecture 200 as shown inFIG. 8 for the authentication system of the instant invention. Massivescalability is thus available through the described application designthrough wide-area distribution, that is furthermore flexible enough toallow the system features to evolve over time. The physical locationsfor data warehouses 190 and portal servers 160 need not be distributedacross 2 facilities, or even 2 computers; and, as such, they mayco-exist in the same computer until the authentication system is largeenough to merit their separation.

Each data warehouse 190 stores chain-of-custody data for authenticatedarticles in relational databases. A data warehouse 190 might consist of1 or more Oracle (or other brand) database servers running on high-endserver computers. Selected locations for data warehouses 190 might bespread all over the world in strategic locations to mitigate the cost ofconventional communication links (not shown) to the nearest web portal.160. Providing data warehouses 190 as a distinct tier in theauthentication system architecture of the instant invention also enablesBrand “source” parties to store there own selected identification dataon server computers maintained at their own private facilities.

The locations for portals 160 serve as Internet connection points forthe multitude of authentication workstation 130 computers 120 accessingthe authentication system. A web portal might consist of 1 or moreconventionally available web servers 192 running on high end servercomputers. Multiple web portals 160 create redundancy in the system whena facility loses power or Internet connectivity. Also, strategicallyplacing web portals 160 around the world provides faster Internet accessto more locations by proximity. As such web portals 160 constitute keycomponents of the top-level topology of the authentication system forthe instant invention, as shown by way of example in FIG. 8. Each webportal server 160 runs: a conventionally available web server 192, suchas an Apache; the authentication system web-application 194, and othersoftware. Connectivity is through the Internet (secure sockets, SSL) andthrough dedicated private communication lines to the locations of datawarehouses 190. Web portals 160 perform the business logic of theauthentication system. Dynamic HTML content is generated by theauthentication system web application and is served to clients by theweb server.

Aiding the authentication system web application of the instantinvention is a data base request daemon (DBRD) 200 (FIG. 9), whichperforms the tasks of actually interfacing with the relational databasethrough a conventionally available relational data base managementsystem (RDBMS) 202 The purpose of database request daemon 200 is toabstract and decouple the database communications from theauthentication system web application. Since there will likely benumerous locations for database warehouses 190 and numerous locationsfor web ports 160, it is unlikely that every web portal 160 can have adedicated connection to every database warehouse 190 (due to excessivecost). Therefore, each web portal 160 may be provided with a connectionwith a subset of the data warehouses 190, such as shown in FIGS. 10A and10B, and if a portal 160 requires data from a database 190 with which ithas no connection, then data base request deamon 200 can forward therequest for data to another web portal 160 whose data base requestdeamon 200 has a direct connection with the required database 190. Thisarchitecture mitigates the need for a private communication lines forevery location of and combination of web portal 160 and data warehouse190 and reduces the required number of dedicated communication lines todata warehouse locations 190 by allowing web portal sites 160 to forwardrequests to each other Data base request daemon 200 will likely be builtusing a standardized message service that already provides the complexfunctionality of synchronously guaranteeing message delivery. Suchmessaging service APIs (application programmer interface) may includeJMS and MSMQ.

Encoded symbology 58 (FIG. 1), as provided onto surface 56 ofauthenticator blank 52 of authenticator 50, is preferably providedthereon thru laser application or dot peening of a 2D data-matrix typeencoded symbology. It should be understood, nevertheless, that other 2Dencoded symbologyies may just as well be utilized, that even 1D linetype bar codes may be employed and that such symbology need not beencoded and that even alpha, numeric and alpha-numeric characters may beemployed as symbology 58. While symbology 58 is preferably direct partmarked onto or into its surface 56 it may also be first applied to asubstrate which is thereafter secured to surface 56 of authenticatorblank 52. The “1” or “0” elements of symbology 58 may, when direct partmarked, be provided as indentations into surface 56 of authenticatorblank 52 or as raised elements upon such surface 56; it being furtherunderstood that the alternative element “1” or “0” will constitute thesurface 56 of authenticator blank 52. The size of the field within whichthe encoded symbology is to be placed and of the encoded symbologyitself may be selected with sizes between 1 mm and 10 mm beingpreferred. The respective size of the authenticator is to be selected toaccommodate the size of the encoded symbology as well as the otherindicia to be carried by the authenticator.

Authentication workstations 130 of the Brand “source” authenticationsystem are used as routers to send validation queries to the appropriatedatabase 190 for validation. Databases 190 can reside either at a Brand“source” site or at an authentication system server location. Theauthentication system is used to authenticate articles (products, goods)from multiple companies and having a single authentication workstation130 at a Point Of Sale location reduces the system cost. While theauthentication system has the capability to log identifier queries andaccumulate statistics for sales purposes, this feature is an optionalservice and is only activated upon Brand “source” request. Theauthentication system Code of Ethics includes that no Brand “source”data will be monitored without Brand “source” written approval.

FIG. 3 shows imager/reader 100 being positioned to image symbology 58for subsequent decoding and use for purposes of the instant invention.Imager/reader 100 is moved in the direction of arrow A (FIG. 3) so thatopening 110 of nose cone 106 is positioned against surface 56 ofauthenticator 50 with its encoded symbology 58 within opening 110, asshown in FIG. 4. Ambient illumination passes through nose cone 106 andilluminates surface 56 of authenticator 50 so that illuminationreflected off of surface 56 and encoded symbology 58 will pass throughlens 112 (FIG. 4) and upon CMOS senser 116 (FIG. 5) for subsequentdecoding and use. FIGS. 11 and 12, by way of example, illustrate aportion 210 of an encoded symbol 58 with recessed areas 212 separated byadjacent part material surfaces 214 of the symbol at the level of theauthenticator surface 56. Illumination 216 is projected towardssymbology 58 at an angle and so that the reflections from recesses 212and surfaces 214 present sufficiently different contrasts upon sensor116 to provide an accurate differential there between and an accuratedecoding of encoded symbology 58.

Where there is insufficient ambient illumination additional illuminationmay be provided through free standing or fixedly positioned illuminationsources 230 as shown, by way of example in FIG. 13. Imager/readers 240(FIGS. 14), 250 (FIG. 15) and 260 (FIG. 16) provide additionalembodiments of ring-light type illumination sources 242, 252, and 262respectively to compliment ambient illumination or where there is eitherno ambient illumination or available ambient illumination isinsufficient to prove an accurate and readily decodable image for sensor116. Ring-light embodiment 242 (FIG. 14) includes a ring-light 244,sandwiched between translucent nose cone 106 of illuminator 240 and anopaque nose cone outer shell 246. A slot 247 is formed to extend thelength of shell 246 and so as to permit a handle 248, extending fromring light 244, to be adjusted along the length of slot 247 and nosecone 106. Ring light embodiment 252 (FIG. 15) includes a reflective cup254 with illumination sources 256 in a substantially horizontal planepointing toward the center of a substantially cylindrical nose cone 257.Reflective cup 254 can either be fixedly secured to nose cone 257 oradjustable along nose cone 257 and provided with a clamping device 258.Cup 254 may also be fabricated and configured to turn spirally in grovesformed in an outer surface of nose cone 257. Any wires, connectingillumination sources to a suitable source of power, can be coiled up incup 254 as it moves upwardly along nose cone 257. In the embodiment ofFIG. 16 ring light 262 is fabricated to slide along rods 264 carried bybody 266 of imager/reader 260. An Illumination source or sources 268 iscarried by ring light 262 and connected to a source of power byconductors extending through rods 264. Ring lights 242, 252 and 262provide for more uniform lighting into the respective diffusernose-cones 106, and 257. The respective ring lights can consist of 2 ormore red or white LED's, a mixture of red and white LED's, or alternatered and white LED's in a ring. In combination with the ring-lights,portions 259 (FIG. 15), 269 (FIG. 16) respectively of the nose-cone maybe made opaque to minimize the effect of unwanted ambient light. Therespective ring-lights can be either a thin sandwich style, like awasher, with all the leds pointing to the center of the hole, or beintegrated in a reflector with a curved surface that improves thecapture of scattered light. By sliding a ring-light downward (either onrods attached to the housing, or press fit on a cylindrical portion ofthe nose-cone, or sandwiched between and inner and outer shell nose-conewith an arm extending through a vertical slot), one can shift theillumination pattern from ‘cloudy day’ toward ‘dark field illumination’(low angle illumination). Either cloudy day and dark field illumination(or a mix of the two) can be provided, depending on the surface of theData Matrix symbology being read, by properly positioning the ring-lightalong the translucent nose-cone.

An alternative embodiment of authenticator 300, incorporating theinstant invention, is shown in FIG. 17. Authenticator 300 is fabricatedfrom materials similar to those of authenticator 50 of the FIGS. 1 and 2embodiment and includes a surface 302 carrying encoded symbology 304formed and otherwise similar to and for use as the previously describedembodiments. Body 306 of authenticator 300, however, is formed with aspace 308 therewithin. An RFID chip 310 is housed within space 308 forreasons to be explained. A groove 312 is formed around body 308 ofauthenticator 300 to facilitate its installation on an article. Toeffect such installation first a tool 320 (FIGS. 18 and 19) with acutting edge 322 is positioned within a tool guide 324 (FIG. 19)positioned on a surface 326 of an article 328 the Brand “source” ofwhich is to be authenticated. Article 328 may be a watch or piece ofjewelry or the like. Cutting tool 320, when positioned within tool guide324 and utilized, will form a recess 330 in surface 326. The height of ashank portion 334 of tool 320 is selected to equal the depth “y” ofrecess 330 plus the height “x” of tool guide 324 so that when anundersurface 336 of a cap portion 338 of tool 320 touches an uppersurface 340 of tool guide 324 recess 330 will be formed to its selecteddepth “y”. An appropriate adhesive 342 is disposed within recess 330sufficient to fill groove 312 of authenticator 300 and any portion ofrecess 330 not occupied by authenticator 330.

By including RFID chips 310 in authenticator 300 tracking the movementof batched articles is greatly facilitated and enhanced. However suchRFID chips are typically not used for Brand “source” authentication.RFID chips provide a complementary technology and RFID can be used totrack Brand “source” authenticated articles along the supply chain. AnRFID chip should be able to identify identifiers contained within acontainer through appropriate database functions. Database 190 isdesigned to accommodate logging article tracking along the supply chainfrom manufacturing site to distribution center. However, Brand “source”authentication for such articles requires scanning of the actualauthenticator on the article, rather than being inferred from an RFIDdatabase entry.

Yet another alternative embodiment of Brand “source” authenticator,incorporating the instant invention, is shown at 350 in FIG. 21.Authenticator 350 includes a surface 352 upon which encoded symbology354 is applied, as by laser or dot peening in the manner and forpurposes hereinabove described for previously described embodiments ofthe instant invention. Authenticator 350 is fabricated from materialsdescribed for use in fabricating authenticators previously describedherein and is substantially cylindrical in external configuration withexternal threads 356 formed thereabout for engagement with internalthreads 358 formed in article 360 the Brand “source” of which is to beauthenticated. Article 360 may be an article of jewelry such as abracelet or a band for a watch, or the like.

Still another Brand “source” authenticator 400 is shown in FIGS. 22 an23.. Authenticator 400 is, itself, a gem stone with a surface 402 uponwhich encoded symbology 404, of the types previously described herein,is applied by direct part markings as by laser or the like.Authenticator 400 may be a separate gemstone affixed to an article406(FIG. 23) such as a watch; or it may be a gemstone such as a diamondor the like.

To utilize and apply the Brand “source” authentication system describedin this application the Brand “source” (manufacturer, distributor,wholesaler, retailer or the like) requests batches of symbology encodedserial numbered authenticators, such as authenticators 50, 300, 350, or400, from the independent, third party, authentication system “source”or a different third party vendor approved by the authentication system“source”. (An approved authenticator “source” may also be the article,product, manufacturer.) The symbology encoded serial numbers oridentifiers, of the authenticators so provided are not entered intodatabase 190 (FIG. 8) until the batch is released to manufacturing.Access to database 190 is via secure terminal links (https:) asdescribed herein with respect to FIGS. 7, 8 and 9) with special loginsand passwords for entering new identifiers for each manufacturingfacility. An audit trail is created for each identifier entered intodatabase 190, including the logging of user id, login terminal id (ipaddress) and date. The identifiers of the so supplied encoded symbologyauthenticators are enterprise-specific and only authorized persons atthe destined enterprise are able to enter new authenticator identifiersinto database 190. If symbology encoded, serial numbered authenticatorsfall into devious hands, those hands must have access to the specificenterprise workstation authorized to enter the identifiers into database190. Periodically changing of passwords is recommended as a furtherdeterrent to un-authorized terminal access.

A fixed format for authenticator symbology encoding is preferred. Thereis, however, also an option of a Brand “source” using their ownencryption on a portion of the encoded symbology. The encryption key canbe kept confidential by the Brand “source” or it can be stored indatabase 190, at the Brand “source's” option. The identifier preferablyconsists of either a 3 character preamble starting with {VM-??} or a BAxwhere BA indicates it is a Brand Authenticator code string and x is a 1character identifier for the type of encoding sequence to follow andfollowed by a 6 character authenticator Brand “source” assignedenterprise identifier unique to each Brand “source” site. The remaininginformation is up to the Brand “source” but should contain a productidentifier, a unique serial number and optionally a date and lot code.However, the one requirement is that each identifier be a unique number,whether it is encrypted or not.

A party, such as a purchaser of a Brand “source” authenticated article,may first visually inspect the article to see if it carries a Brand“source” authenticator. The party then may either themselves utilize anauthentication workstation 130 (FIGS. 6, 7 and 8) or request a salesperson to authenticate the Brand “source” before purchasing the article.Authentication then requires positioning nose cone 106 of imager/reader100 against encoded symbology 58 of the authenticator 50 carried by thearticle and operating imager/reader 100 by operating button 126 carriedthereby a hereinabove described in greater detail. The successfulreading of encoded symbology 58 and decoding thereof by computer 120results in transmission of the encoded data through web portal 160 todata warehouse 190 for comparison to comparable data stored in warehouse190. A positive comparison with the stored data that the article beingauthenticated is the article with the data sent to warehouse 190 by theBrand “source” thereafter appears on the screen 500 (FIG. 6) of computer120 as well as on a monitor 502 interconnected by a suitable cable 504to computer 120. Also interconnected to computer 120, by a suitablecable 506, is a printer 508 which upon a proper signal from computer 120will print an Authenticity Certificate for the article to be purchasedindicating thereon the Brand “source” trademark(s) and/or Logo(s) aswell as the place and date of purchase if so configured to do so.

The herein described Brand “source” authentication system databaseincludes a number of built-in checks to catch duplicate identifiers. Aspart of the validation process, a chain of custody record may be storedin database 190. Once an article has been sold, or otherwise moved fromthe Brand “source” the information is added to the chain of custodyrecord. That chain of custody may thereafter be compared with theintended chain of custody. If the two do not match, validation will nottake place. If an identical identifier is submitted for authenticationafter the initial sale, it will not be validated and the requestorinformation will be recorded in a fraudulent identifier report. Thedatabase has a provision to allow changes in custody as by transfer ofownership once an item has been sold. Resale information can be enteredby an authorized authentication system user. The fraudulent identifierreport also flags multiple sales of an identifier within a given timeperiod. It should be noted that authenticators include a copyrighted andtrademarked logo and making copies of it violates copyright andtrademark laws permitting active prosecution of infringing violators.

If desired a current owner should have received an AuthenticityCertificate 510 (FIG. 6) at the time of their purchase. An authorizedretailer with an authentication system can verify that the Certificateis valid and the owner matches the owner of record if that informationhas been made available. The authorized retailer can then flag thearticle identifier for resale in the data base 190 and receive back aresale confirmation code. The purchaser can bring the item to anauthorized retailer and along with the resale confirmation code beregistered as the new owner of record. A digital fingerprint is providedon the Authenticity Certificate and, in turn, provides theauthentication system with a means to guarantee against a) fraudulentcertificates created by a hacker, and b) fraudulent alteration of theauthentication system database by a hacker. If any hacker tries tocreate a false certificate, it is impossible for them to generate anaccurate digital fingerprint because this data is generated by applyinga secure checksum to all the database transactions that led up to thecreation of a valid certificate. It is impossible for a hacker togenerate such secure data. If any hacker tries to unscrupulously alterthe authentication system database, the digital fingerprint willnecessarily change as a result of the hacker's database changes, and theauthentication system will immediately detect the attempted unauthorizeddatabase alteration.

The validation process uses secure 128-bit encrypted communication tothe authentication system server. A secure crytographic certificate,researched and authenticated by a well-known and trusted issuingauthority, XYZ. XYZ and other certificate-issuing authorities performextensive research to guarantee that all cryptographic certificates theyissue really belong to the companies who use them. Furthermore, allmodern web browsers will refuse to accept any certificate issued by anyauthority other than those that perform the physical research necessaryto prove the identity on their certificates. Therefore, a hackerattempting to create a certificate that a web browser will accept andwhich claims to be from the herein disclosed and describedauthentication system is impossible.

It is understood that although there has been shown and describedpreferred embodiments of this invention that various modifications maybe made in the details thereof without departing from the spirit ascomprehended by the following claims.

1. A Brand “source” authenticator; comprising, a). a carrier with atleast a first people observable surface; b). authenticator indiciacarried by said first people observable surface; c). said authenticatorindicia indicating the “source” of the Brand “source” authenticator; d).authentication indicia also carried by said carrier; e). a selectedportion of said carrier being usable to attach said carrier to anarticle the Brand “source” of which is to be authenticated; and f). saidauthentication indicia including at least encoded symbology which, whendecoded, indicates the Brand “source” of the article to which saidcarrier is to be attached.
 2. The Brand “source” authenticator of claim1 wherein said authentication indicia further includes an identifierunique to each individual article to which said carrier is to beattached.
 3. The Brand “source” authenticator of claim 1 wherein saidauthentication indicia is of the 2D Data Matrix type;
 4. The Brand“source” authenticator of claim 3 wherein said authentication indicia isapplied to said carrier by the use of a laser.
 5. The Brand “source”authenticator of claim 1 wherein said authentication indicia is directpart marked onto said carrier.
 6. The Brand “source” authenticator ofclaim 2 wherein said authentication indicia also includes encodedsymbology with additional characterizations of the article to which saidcarrier is to be attached.
 7. The Brand “source” authenticator of claim1 wherein said authenticator indicia includes a Brand of theauthenticator.
 8. The Brand “source” authenticator of claim 7 whereinsaid authenticator indicia also includes a Brand of the “source” of thearticle to which the carrier is to be attached.
 9. A Brand “source”authentication system for multiple articles; comprising a). a Brand“source” authenticator to be attached to each such article; b). encodedBrand “source” authentication symbology carried by each of said Brand“source” authenticators; c). each said authentication symbologyincluding an indicia unique to the article to which it is to be attachedsuch that each of said Brand “source” authenticators is unique anddiffers from all other Brand “source” authenticators; d). said Brand“source” authentication symbology including said unique indicia beingapplied to each said authenticator by a party other then the Brand“source” .
 10. The Brand “source” authentication system of claim 9wherein the party other then the Brand “source” also maintains a datastorage file of the respective authentication symbology including saidunique indicia.
 11. The Brand “source” authentication system of claim 10wherein the respective authentication symbology with each said uniqueidentifier is entered into said data storage after its carrier isattached to an article preferably by the party attaching the carrier tothe article.
 12. The Brand “source” authentication system of claim 11including an imager/reader to image and decode said authenticationsymbology carried by said carrier and to effect a comparison thereofwith the data stored in said data storage.
 13. The Brand “source”authentication system of claim 12 including a printer for printing anauthentication certificate upon a positive comparison of said encodedsymbology carried by said carrier and said data stored in said datastorage.
 14. An Imager/reader; comprising a). a housing; b). a cameradevice located within said housing; c). a lens located within saidhousing in line with and spaced from said camera device; d). said cameraand lens establishing a focal plane; e). a nose cone carried by saidhousing; f). said nose cone being hollow inside and includingillumination transmissive walls g). said nose cone including an openingat its end which is sized to fit over encoded symbology and a length forsaid nose cone being such that when said nose cone is positioned againstencoded symbology the symbology will be in said focal plane to besubjected to be imaged by the imager/reader.